Wiki

User Tools

Site Tools

Trace:
pfsense:troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:troubleshooting [2020/04/22 10:40] peterpfsense:troubleshooting [2021/02/19 09:59] (current) peter
Line 1: Line 1:
 ====== PFSense - Troubleshooting ====== ====== PFSense - Troubleshooting ======
  
-[[PFSense:Troubleshooting:Firewall Blocking an Internal Address|Firewall Blocking an Internal Address]]+[[PFSense:Troubleshooting:Amazon app reports "Ooops, an error has occurred"|Amazon app reports "Ooops, an error has occurred"]]
  
-----+[[PFSense:Troubleshooting:Crash Report|Crash Report]]
  
-===== PFSENSE BEHIND A ROUTER =====+[[PFSense:Troubleshooting:Disk usage increasing|Disk usage increasing]]
  
-Fromhttp://hakology.co.uk/2014/02/pfsense-behind-a-router/ +[[PFSense:Troubleshooting:Firewall Blocking an Internal Address|Firewall Blocking an Internal Address]]
  
-<code> +[[PFSense:Troubleshooting:mbuf full|mbuf full]]
-Can pfsense ping router – NO WAN config error +
-Can pfsense ping pfsense client – NO – LAN config error / Client firewall +
-Can pfsense client ping pfsense – NO – LAN config error / Client firewall +
-Can pfsense ping 8.8.8.8 – NO – ASDL/CABLE router config error +
-Can pfsense client ping router – NO – NAT error +
-Can pfsense client ping 8.8.8.8 – NO – NAT error / ADSL / CABLE config error +
-Can pfsense client ping 8.8.8.8 – YES – All good +
-Can pfsense client load a website – NO – DNS Error – Check everything above is OK +
-Can pfsense client load a website – YES – Everything is working +
-</code>+
  
 +[[PFSense:Troubleshooting:PfSense is restoring the configuration|PfSense is restoring the configuration]]
  
-----+[[PFSense:Troubleshooting:SSL_ERROR_RX_RECORD_TOO_LONG|SSL_ERROR_RX_RECORD_TOO_LONG]]
  
-===== Firewall Blocking an Internal Address =====+[[PFSense:Troubleshooting:Tuning and Troubleshooting Network Cards|Tuning and Troubleshooting Network Cards]]
  
-==== Try to open a pass-all rule ====+[[PFSense:Troubleshooting:OpenVPN Client Common Name shows as UNDEF|OpenVPN Client Common Name shows as UNDEF]]
  
-Add a pass-all rule at the top for that VLAN on pfSense and enable logging.+[[PFSense:Troubleshooting:Out of disk space on /var/run|Out of disk space on /var/run]]
  
-If this allows this through then go through each subsequent rule to see if there is a problem. 
  
-==== Check ARP tables ==== 
  
-Navigate to **Diagnostics -> ARP Table**. 
- 
-On your client, when you try and ping pfSense on 192.168.1.1, you should see your MAC in the ARP table. 
- 
-Check the MAC address is correct, i.e. matches up with pfSense MAC address. 
- 
- 
-If the MAC address does not match the pfSense MAC address: 
- 
-  * There may be an entry for the IP in the ARP, so try to delete it.   
-  * The system should automatically add this in again correctly. 
- 
- 
-==== Check the Firewall Logs ==== 
- 
-Check firewall logs at **Status -> System Logs -> Firewall** 
  
  
 ---- ----
  
-===== SSL_ERROR_RX_RECORD_TOO_LONG =====+===== PFSENSE BEHIND A ROUTER =====
  
-Getting the error **SSL_ERROR_RX_RECORD_TOO_LONG** when attempting to access multiple different sites, sometimes goes away with refresh but sometimes persists. +Fromhttp://hakology.co.uk/2014/02/pfsense-behind-a-router/ 
- +
-{{:pfsense:pfsense_ssl_error_rx_record_too_long.png?800|}} +
- +
-Usually when using Squid option of **Splice All** for SSL/MITM Mode. +
- +
-Can't connect to 192.168.1.1:443 (certificate verify failed)+
  
 <code> <code>
-SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 50.+Can pfsense ping router – NO - WAN config error. 
 +Can pfsense ping pfsense client – NO – LAN config error / Client firewall. 
 +Can pfsense client ping pfsense – NO – LAN config error Client firewall. 
 +Can pfsense ping 8.8.8.8 – NO – ASDL/CABLE router config error. 
 +Can pfsense client ping router – NO – NAT error. 
 +Can pfsense client ping 8.8.8.8 – NO – NAT error ADSL CABLE config error. 
 +Can pfsense client ping 8.8.8.8 – YES – All good. 
 +Can pfsense client load a website – NO – DNS Error – Check everything above is OK. 
 +Can pfsense client load a website – YES – Everything is working.
 </code> </code>
  
-Check:+If you are having issue make sure you disable any firewalls you have running on the pfsense client boxes … once you have your network configured you can enable them later.
  
-<code bash> +----
-openssl s_client -connect 192.168.1.1:443 +
-</code>+
  
-returns: 
- 
-<code bash> 
-... 
-Verify return code: 21 (unable to verify the first certificate) 
-... 
-</code> 
- 
- 
- 
-==== Solution ==== 
- 
- 
-  * **Servicess -> SquidGuard Proxy Filter -> Common ACL -> ALL to allow** 
- 
-  * May need to refresh the browser cache: 
-    * CTRL F5 
-    * CTRL+SHIFT+r 
-    * SHIFT+reload button  
- 
-  * Might need to turn off support for the newest and most secure connection protocol, TLS 1.3. 
-    * In Firefox 
-      * Type **about:config** in the address bar and press Enter/Return. 
-      * In the search box above the list, type **TLS**. 
-      * Double-click the **security.tls.version.max** preference to display a dialog where you can edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2). 
-      * Then click **OK**. 
- 
----- 
  
pfsense/troubleshooting.1587552021.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki